SIKE – Supersingular Isogeny Key Encapsulation

SIKE is an isogeny-based key encapsulation suite based on pseudo-random walks in supersingular isogeny graphs, that was submitted to the NIST standardization process on post-quantum cryptography. It contains two algorithms:

• A CPA-secure public key encryption algorithm SIKE.PKE, and
• A CCA-secure key encapsulation mechanism SIKE.KEM,

each instantiated with four parameter sets: SIKEp434, SIKEp503, SIKEp610 and SIKEp751.

Submission status

SIKE and SIDH are insecure and should not be used. For more information, please refer to our statement to NIST.

Updates

Specification

NIST submission

The original submission package can be downloaded from the NIST web site. An updated version of the submission package (with corrections) is available from this server, in tar.gz or ZIP format.

The (updated) specification document alone can also be downloaded separately.

Resources

Research articles

Hardware implementation

• Rami Elkhatib, Reza Azarderakhsh, and Mehran Mozaffari-Kermani. Accelerated RISC-V for post-quantum SIKE, May 2021.

• Reza Azarderakhsh, Rami El Khatib, Brian Koziel, and Brandon Langenberg. Hardware deployment of hybrid PQC, Apr. 2021.

• Jing Tian, Bo Wu, and Zhongfeng Wang. High-speed FPGA implementation of SIKE based on an ultra-low-latency modular multiplier, Sep. 2020. To appear in IEEE Transactions on Circuits and Systems I (2021).

• Rami Elkhatib, Reza Azarderakhsh and Mehran Mozaffari-Kermani. Efficient and fast hardware architectures for SIKE round 2 on FPGA, May 2020. Published in ARITH 2020.

• Pedro Maat C. Massolino, Patrick Longa, Joost Renes and Lejla Batina. A compact and scalable hardware/software co-design of SIKE, Jan. 2020. Published in TCHES 2020.

• Brian Koziel, A-Bon Ackie, Rami El Khatib, Reza Azarderakhsh, and Mehran Mozaffari-Kermani. SIKE'd Up: Fast and Secure Hardware Architectures for Supersingular Isogeny Key Encapsulation, Jun. 2019. Published in IEEE Transactions on Circuits and Systems I (2020).

• Brian Koziel, Reza Azarderakhsh, and Mehran Mozaffari Kermani. A high-performance and scalable hardware architecture for isogeny-based cryptography, Mar. 2018. Published in IEEE Transactions on Computers (2018).

Software implementation

• Hwajeong Seo, Pakize Sanal, Wai-Kong Lee, and Reza Azarderakhsh. No Silver Bullet: Optimized Montgomery multiplication on various 64-bit ARM platforms, Feb. 2021.

• Mila Anastasova, Reza Azarderakhsh and Mehran Mozaffari Kermani, Fast strategies for the implementation of SIKE Round 3 on ARM Cortex-M4, Jan. 2021.

• Hwajeong Seo, Mila Anastasova, Amir Jalali and Reza Azarderakhsh. Supersingular Isogeny Key Encapsulation (SIKE) Round 2 on ARM Cortex-M4, Apr. 2020. Published in IEEE Transactions on Computers.

• Hwajeong Seo, Pakize Sanal, Amir Jalali, and Reza Azarderakhsh. Optimized implementation of SIKE round 2 on 64-bit ARM Cortex-A processors, Mar. 2020. Published in IEEE Transactions on Circuits and Systems I (2020).

• Hwajeong Seo, Amir Jalali, and Reza Azarderakhsh. Optimized SIKE Round 2 on 64-bit ARM, Jun. 2019. Published in WISA 2019.

• Hwajeong Seo, Amir Jalali, and Reza Azarderakhsh. SIKE Round 2 speed record on ARM Cortex-M4, May 2019. Published in CANS 2019.

• Joppe W. Bos and Simon J. Friedberger. Faster modular arithmetic for isogeny based crypto on embedded devices, Aug. 2018. Published in Journal of Cryptographic Engineering (2020).

• Hwajeong Seo, Zhe Liu, Patrick Longa and Zhi Hu. SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange, Jul. 2018. Published in TCHES 2018.

• Joppe W. Bos and Simon J. Friedberger. Arithmetic considerations for isogeny based cryptography, Apr. 2018. Published in IEEE Transactions on Computers (2019).

• Brian Koziel, Amir Jalali, Reza Azarderakhsh, David Jao, and Mehran Mozaffari Kermani. NEON-SIDH: Efficient Implementation of Supersingular Isogeny Diffie-Hellman Key Exchange Protocol on ARM, Nov. 2016. Published in CANS 2016.

• Craig Costello, Patrick Longa, and Michael Naehrig. Efficient algorithms for supersingular isogeny Diffie-Hellman, Apr. 2016. Published in CRYPTO 2016.

Enhancements

• Geovandro C. C. F. Pereira and Paulo S. L. M. Barreto. Isogeny-based key compression without pairings, Apr. 2021.

• Geovandro C. C. F. Pereira, Javad Doliskani and David Jao. x-only point addition formula and faster compressed SIKE, Apr. 2020. Published in Journal of Cryptographic Engineering (2020).

• Michael Naehrig and Joost Renes. Dual Isogenies and Their Application to Public-key Compression for Isogeny-based Cryptography, May 2019. Published in Asiacrypt 2019.

• Gustavo H. M. Zanon, Marcos A. Simplicio Jr., Geovandro C. C. F. Pereira, Javad Doliskani, and Paulo S. L. M. Barreto. Faster key compression for isogeny-based cryptosystems, Nov. 2017. Published in IEEE Transactions on Computers (2019).

• Craig Costello, David Jao, Patrick Longa, Michael Naehrig, Joost Renes, and David Urbanik. Efficient compression of SIDH public keys, Oct. 2016. Published in Eurocrypt 2017.

• Reza Azarderakhsh, David Jao, Kassem Kalach, Brian Koziel, Christopher Leonardi. Key compression for isogeny-based ryptosystems, Mar. 2016. Published in AsiaPKC 2016.

Security analysis

• Aymeric Genêt, Natacha Linard de Guertechin, and Novak Kaluđerović. Full key recovery side-channel attack against ephemeral SIKE on the Cortex-M4, Jun. 2021. Published in COSADE 2021.

• Élise Tasso, Luca De Feo, Nadia El Mrabet and Simon Pontié. Resistance of isogeny-based cryptographic implementations to a fault attack, Jun. 2021. Published in COSADE 2021.

• Laia Amorós, Annamaria Iezzi, Kristin Lauter, Chloe Martindale and Jana Sotáková. Explicit connections between supersingular isogeny graphs and Bruhat–Tits trees, Mar. 2021. Published in Women in Numbers Europe III: Research Directions in Number Theory (2021).

• Péter Kutas, Simon-Philipp Merz, Christophe Petit and Charlotte Weitkämper. One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols, Mar. 2021. Published in Eurocrypt 2021.

• Boris Fouotsa Tako, Péter Kutas and Simon-Philipp Merz. On the isogeny problem with torsion point information, Feb. 2021.

• Patrick Longa, Wen Wang, and Jakub Szefer. The cost to break SIKE: A comparative hardware-based analysis with AES and SHA-3, Nov. 2020. Published in CRYPTO 2021.

• Hiroshi Onuki, Yusuke Aikawa and Tsuyoshi Takagi. The existence of cycles in the supersingular isogeny graphs Used in SIKE, Aug. 2020.

• Victoria de Quehen, Péter Kutas, Chris Leonardi, Chloe Martindale, Lorenz Panny, Christophe Petit, and Katherine E. Stange. Improved torsion point attacks on SIDH variants, May 2020. Published in CRYPTO 2021.

• Samuel Jaques and André Schrottenloher. Low-gate quantum golden collision finding, Apr. 2020. Publisned in SAC 2020.

• Chloe Martindale and Lorenz Panny. How to not break SIDH, May 2019. Published in CFAIL 2019.

• Craig Costello, Patrick Longa, Michael Naehrig, Joost Renes and Fernando Virdia. Improved classical cryptanalysis of the computational supersingular isogeny problem, Mar. 2019.

• Samuel Jaques and John M. Schanck. Quantum cryptanalysis in the RAM model: Claw-finding attacks on SIKE, Feb. 2019. Published in CRYPTO 2019.

• Anamaria Costache, Brooke Feigon, Kristin Lauter, Maike Massierer, and Anna Puskás. Ramanujan graphs in cryptography, Jun. 2018. Published in Research Directions in Number Theory: Women in Numbers IV.

• Gora Adj, Daniel Cervantes-Vázquez, Jesús-Javier Chi-Domínguez, Alfred Menezes, and Francisco Rodríguez-Henríquez. On the cost of computing isogenies between supersingular elliptic curves, Apr. 2018. Published in SAC 2018.

• Brian Koziel, Reza Azarderakhsh, and David Jao. An Exposure Model for Supersingular Isogeny Diffie-Hellman Key Exchange, Nov. 2016. Published in CT-RSA 2018.

• Brian Koziel, Reza Azarderakhsh, and David Jao. Side-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman, Jul. 2017. Published in SAC 2017.

• Steven D. Galbraith, Christophe Petit, Barak Shani, and Yan Bo Ti. On the security of supersingular isogeny cryptosystems, Sep. 2016. Published in Asiacrypt 2016.

• Luca De Feo, David Jao, and Jérôme Plût. Towards Quantum-Resistant Cryptosystems From Supersingular Elliptic Curve Isogenies, Sep. 2011. Published in PQCrypto 2011 and Journal of Mathematical Cryptology (2014).

Expository articles

• Craig Costello, The case for SIKE: A decade of the Supersingular Isogeny Problem, Apr. 2021.

• Craig Costello, Supersingular isogeny key exchange for beginners, Nov. 2019. Invited talk at SAC 2019.

• Luca De Feo. Mathematics of Isogeny Based Cryptography, Nov. 2017.

• Steven Galbraith and Frederik Vercauteren, Computational problems in supersingular elliptic curve isogenies, Aug. 2017.

• Wouter Castryck. Elliptic curves are quantum dead, long live elliptic curves, May 2017.

• David Urbanik. A friendly introduction to Supersingular Isogeny Diffie-Hellman, Mar. 2017.

Industry studies

• Christian Paquin, Stay quantum safe: future-proofing encrypted secrets, May 2020.

• Amazon Web Services Security Blog:

  • Round 2 Hybrid Post-Quantum TLS Benchmarks, Apr. 2020
  • Post-quantum TLS now supported in AWS KMS, Nov. 2019

• CloudFlare blog:

  • The TLS Post-Quantum Experiment, Oct. 2019
  • Towards Post-Quantum Cryptography in TLS, Jun. 2019
  • Introducing CIRCL: An Advanced Cryptographic Library, Jun. 2019
  • SIDH in Go for quantum-resistant TLS 1.3, Sep. 2017

• Adam Langley, Real-world measurements of structured-lattices and supersingular isogenies in TLS, Oct. 2019

Talks

• Luca De Feo. Supersinglar Isogeny Key Encapsulation, NIST Third PQC Standardization Conference, Jun. 2021.

• David Jao. Implementation of isogeny-based cryptography, NIST PQC Round 3 seminar series, Feb. 2021.

• Luca De Feo. Are isogenies for real?, Real World Cryptography, Jan. 2021.

• @naehrwert. (Post-Quantum) Isogeny Cryptography, 36c3, Dec. 2019.

• David Jao. Supersingular Isogeny Key Encapsulation, NIST PQC Standardization Conference, Apr. 2018.

• Patrick Longa. Supersingular isogeny based cryptography gets practical (slides), Real World Cryptography Conference 2018, Jan. 2018.

• Craig Costello. Key encapsulation using supersingular isogenies, Nov. 2017.

• Luca De Feo. 20 Years of Isogeny-Based Cryptography, Nov. 2017.

• Deirdre Connolly. Supersingular Isogeny Diffie-Hellman (slides), Cloudflare Crypto Meetup, Feb. 2017.

• Michael Naehrig. Supersingular Isogeny Diffie-Hellman, Real-World Cryptography Conference 2017, Jan. 2017.

• David Urbanik. Introduction to the post-quantum Supersingular Isogeny Diffie-Hellman protocol (slides), Jul. 2016.

Implementation

The SIKE submission contains seven implementations. These are available from the submission package, or individually below:

• Reference implementation
• Optimized implementation
• AMD64 implementation
• ARM64 implementation
• Cortex M4 implementation
• VHDL implementation
• Weierstrass implementation

All of the implementations are licensed under the MIT license.

The following implementation is available from Microsoft Research:

• Microsoft SIDH library

The following implementations are available from third parties:

• Cloudflare CIRCL library
• SIKE for Java

Known Answer Test

Known Answer Test (KAT) files are available from the submission package, or individually from this server.

Authors

• David Jao, University of Waterloo and evolutionQ, Inc. (principal submitter)
• Reza Azarderakhsh, Florida Atlantic University and PQSecure Technologies, LLC
• Matthew Campagna, Amazon
• Craig Costello, Microsoft Research
• Luca De Feo, IBM Research Zürich
• Basil Hess, Infosec Global, Switzerland
• Aaron Hutchinson, Louisiana Tech University
• Amir Jalali, LinkedIn Corporation
• Koray Karabina, National Research Council, Canada
• Brian Koziel, Texas Instruments
• Brian LaMacchia, Microsoft Research
• Patrick Longa, Microsoft Research
• Michael Naehrig, Microsoft Research
• Geovandro Pereira, University of Waterloo and evolutionQ, Inc.
• Joost Renes, Radboud University
• Vladimir Soukharev, Infosec Global, Canada
• David Urbanik, University of Toronto

Contact

• sike@sike.org